Beta placeholder · last updated 9 June 2026
Privacy notice
This is draft, beta-stage copy provided for transparency while Visaroy is in beta. It describes how we handle the data you bring into the app. The final, legally reviewed version and the registered controller details will replace this before public launch.
Who is responsible for your data
The controller for the data processed through Visaroy is Visaroy (operator, to be confirmed). The registered legal entity and its address are being finalised and will be published here before launch. Until then, you can reach us about any privacy matter at contact@visaroy.app.
What we process
Visaroy is built to keep sensitive identity data transient. The following describes what is handled and where it lives:
- Passport and document contents (names, dates, numbers, and the document images you upload) are processed in memory during your session to extract details and fill the official form. They are sent to our language-model processor for extraction — with zero-data-retention enforced on every request — and are never written to our database.
- Browser-local progress. Your in-progress answers and interface state are held in your own browser (in memory and browser storage) while you work, and are discarded when you close the tab. They are not sent to us except as part of the requests needed to extract data, validate documents, or generate your pack.
- Anonymous session record. We store an anonymous session identifier in our database (Neon) so your session and our rate limits work. It contains no application, profile, or document content — there is currently no way to save an application to our servers.
- Anonymous usage and error data. We record cookieless, anonymous product-analytics events and error reports (for example, which steps were reached and whether an error occurred) using an opaque session identifier. These never include your passport or document contents.
Processors we rely on
We use the following third-party processors to run the service. We share with each one only what that service needs for its stated purpose.
- OpenRouterRoutes chat and document-extraction prompts to the underlying language models that read your answers and uploaded documents. Every request enforces zero-data-retention routing, so prompts are never retained by the model providers.United States / global model providers
- PostHog (EU Cloud)Cookieless product analytics and error monitoring. Receives anonymous usage events and an opaque session id, never your passport or document contents.European Union
- NeonManaged Postgres database that stores your anonymous session record (for sign-in continuity and rate limiting). It contains no application or document content.European Union / United States (configurable)
- OpenStreetMap NominatimLooks up accommodation addresses you enter so the form can be filled with a validated address.European Union (OpenStreetMap Foundation)
- VercelHosts and serves the application and processes requests at the network edge.Global edge network
How long we keep data
Passport and document contents used only to fill the form are processed in memory and are not retained by us after your session, beyond any transient processing logs held by our processors under their own terms. Saved profiles and applications are kept until you delete them or ask us to delete them. Anonymous analytics and error data are retained for a limited period for product and reliability purposes. Exact retention periods will be confirmed in the final notice.
Your rights and how to contact us
Depending on where you live, you may have rights to access, correct, delete, or export your data, to restrict or object to processing, and to lodge a complaint with your data protection authority. To exercise any of these rights, or to ask us anything about how your data is handled, contact contact@visaroy.app. You can also reach us through the contact page.